SC taxpayers to get hacking notifications

South Carolina will soon start notifying taxpayers if their accounts were among those accessed by an international hacker, according to Gov. Nikki Haley's office.

A spokesman for Haley said Friday that letters from the state Department of Revenue would start going out next week. Rob Godfrey also said that the notifications will be staggered and will go out through the end of this year.

In October, Haley announced that the tax returns of 3.8 million residents and 700,000 businesses had been stolen from Revenue Department computer servers, representing the largest hacking of a state agency in the nation's history. Stolen data included unencrypted Social Security and bank account numbers.

This latest round of state-issued notifications, which only go to those taxpayers whose information was on the compromised servers, costs about $1.2 million - most of that for postage. To send the letters, South Carolina has contracted with SourceLink Carolina LLC, a Greenville-based vendor selected through an emergency procurement process, Haley's office said.

Revenue officials estimate that about 1.8 million letters will be sent to in-state tax filers, with up to 1.2 million letters going to out-of-state filers. About 800,000 taxpayers who have enrolled in Experian's ProtectMyID plan and provided an email address will receive email notifications, officials said.

The tab for the Haley administration's response to the theft had already been at nearly $20 million, including a $12 million contract with Experian that covers two credit monitoring agencies.

In a report released this week, Inspector General Patrick Maley recommended centralizing the cyber security functions of state agencies to help prevent another loss of personal data. Maley also said leaving the responsibility of data security to each agency leads to uneven data protection and prevents officials from managing or even understanding risks that could affect all state government. He said a new statewide security chief should be appointed, independent of the Division of State Information Technology.

State House and Senate lawmakers have convened their own panels to investigate ways to increase the state's cyber security. On Wednesday, the chief of the state's information technology division told senators that responsibility for monitoring agency cyber security should be centralized.